Siemens Product Security Update Advisory

Overview

An update has been released to address vulnerabilities in Siemens Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-52565, CVE-2024-52566, CVE-2024-52567, CVE-2024-52568, CVE-2024-52569, CVE-2024-52570, CVE-2024-52571, CVE-2024-52572, CVE-2024-52573, CVE-2024-52574

  • Tecnomatix Plant Simulation V2302: all versions before 2302.0018 (2302.0018 itself is not affected)
  • Tecnomatix Plant Simulation V2404: all versions before 2404.0007 (2404.0007 itself is not affected)

CVE-2024-46892

  • SINEC INS: all versions before 1.0 SP2 Update 3 (1.0 SP2 Update 3 itself is not affected)

Resolved Vulnerabilities

Out-of-bounds write vulnerability when handling specially crafted WRL files in Tecnomatix Plant Simulation (CVE-2024-52565, CVE-2024-52566, CVE-2024-52569, CVE-2024-52570, CVE-2024-52571, CVE-2024-52573)

Out-of-bounds read past the end of an allocated structure in Tecnomatix Plant Simulation when handling specially crafted WRL files (CVE-2024-52567, CVE-2024-52574)

Use-after-free vulnerability in Tecnomatix Plant Simulation when handling specially crafted WRL files (CVE-2024-52568)

Stack-based overflow vulnerability in the handling of specially crafted WRL files in Tecnomatix Plant Simulation (CVE-2024-52572)

Improper session invalidation in SINEC INS: sessions are not properly invalidated after a user is deleted, disabled, or has their privileges changed, allowing an authenticated attacker to continue malicious behavior (CVE-2024-46892)

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the patched version.

CVE-2024-52565, CVE-2024-52566, CVE-2024-52567, CVE-2024-52568, CVE-2024-52569, CVE-2024-52570, CVE-2024-52571, CVE-2024-52572, CVE-2024-52573, CVE-2024-52574

  • Tecnomatix Plant Simulation V2302: update to 2302.0018 or later
  • Tecnomatix Plant Simulation V2404: update to 2404.0007 or later

CVE-2024-46892

  • SINEC INS: update to 1.0 SP2 Update 3 or later

Referenced Sites

[1] SSA-824503: Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation Before V2302.0018 and V2404.0007

https://cert-portal.siemens.com/productcert/html/ssa-824503.html

[2] SSA-915275: Multiple Vulnerabilities in SINEC INS Before V1.0 SP2 Update 3

https://cert-portal.siemens.com/productcert/html/ssa-915275.html#cves-section